Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Fighting Google Redirect

Started by Damn Microsoft , Nov 24 2009 03:46 PM

  • Please log in to reply

#1
Damn Microsoft
Posted 24 November 2009 - 03:46 PM

Damn Microsoft

    New Member

  • Member
  • Pip
  • 1 posts
I am fighting with google redirect. Malware bytes, spybot, hijack find nothing. Just let me know what is needed as I have followed all the steps mentioned in the malware forum. Help!?

ComboFix 09-11-23.06 - Tinker 11/24/2009 15:28.7.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.1123 [GMT -6:00]
Running from: c:\documents and settings\Tinker\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2009-10-24 to 2009-11-24 )))))))))))))))))))))))))))))))
.

2009-11-24 17:48 . 2009-11-24 17:48 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-24 17:48 . 2009-11-24 17:48 152576 ----a-w- c:\documents and settings\Tinker\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-24 17:47 . 2009-11-24 17:47 79488 ----a-w- c:\documents and settings\Tinker\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-11-24 17:44 . 2008-07-14 11:09 205560 ----a-w- c:\windows\UNBOC.EXE
2009-11-24 17:44 . 2008-07-14 11:09 212728 ----a-w- c:\windows\CMDLIC.DLL
2009-11-23 15:27 . 2009-11-23 15:27 -------- d-----w- c:\documents and settings\Tinker\Local Settings\Application Data\MyPorts
2009-11-16 00:07 . 2009-11-21 20:19 -------- d-----w- c:\program files\MyDefrag v4.2.6
2009-11-15 22:35 . 2009-11-15 22:35 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-11-15 22:35 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-15 22:35 . 2009-11-15 22:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-15 22:35 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-12 19:42 . 2009-11-12 19:42 -------- d-----w- c:\program files\Avanquest update
2009-11-12 05:45 . 2009-11-12 12:48 -------- d-----w- c:\documents and settings\All Users\Application Data\SITEguard
2009-11-12 05:44 . 2009-11-12 05:44 -------- d-----w- c:\program files\Common Files\iS3
2009-11-12 05:44 . 2009-11-12 16:29 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2009-11-11 18:45 . 2009-11-11 18:45 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-11 18:45 . 2009-11-11 18:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-11-10 02:27 . 2009-11-10 02:27 -------- d-----w- c:\documents and settings\Tinker\Application Data\Malwarebytes
2009-11-10 02:27 . 2009-11-10 02:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-08 20:05 . 2009-11-08 20:05 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-08 20:04 . 2009-11-08 21:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-11-05 17:17 . 2009-11-09 01:42 -------- d-----w- c:\documents and settings\Tinker\Application Data\Uniblue
2009-11-05 17:17 . 2009-11-09 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-24 17:58 . 2006-01-15 22:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-24 17:57 . 2009-01-06 16:17 -------- d-----w- c:\program files\CCleaner
2009-11-24 17:49 . 2004-05-12 14:24 -------- d-----w- c:\program files\Java
2009-11-24 14:59 . 2007-10-16 20:18 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-11-24 00:25 . 2009-09-08 15:47 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-24 00:00 . 2009-04-10 13:16 -------- d-----w- c:\documents and settings\Tinker\Application Data\uTorrent
2009-11-23 02:30 . 2009-06-14 23:44 -------- d-----w- c:\documents and settings\Tinker\Application Data\Any Video Converter
2009-11-15 22:08 . 2008-10-11 22:24 -------- d-----w- c:\program files\Motorola
2009-11-15 04:46 . 2009-03-27 13:49 117760 -c--a-w- c:\documents and settings\Tinker\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-11-15 04:44 . 2009-07-12 00:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-11-15 04:43 . 2006-01-04 16:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-11-13 05:02 . 2008-10-11 21:46 -------- d-----w- c:\program files\Motorola Phone Tools
2009-11-13 05:02 . 2004-05-13 15:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-11-13 05:01 . 2008-10-03 18:51 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-11-12 21:50 . 2008-10-11 21:50 -------- d-----w- c:\program files\Common Files\Motorola Shared
2009-11-12 15:38 . 2008-04-19 01:21 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-11-12 15:26 . 2009-11-12 15:26 240 ----a-w- c:\windows\system32\drivers\kgpcpy.cfg
2009-11-10 15:36 . 2004-05-12 15:08 73720 -c--a-w- c:\documents and settings\Tinker\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-27 12:55 . 2008-02-21 23:56 -------- d-----w- c:\program files\Palm
2009-10-27 12:52 . 2006-12-30 00:47 -------- d-----w- c:\program files\dvdSanta
2009-10-08 20:57 . 2008-07-30 00:59 611328 ----a-w- c:\windows\system32\uiautomationcore.dll
2009-10-08 20:57 . 2004-08-04 12:00 220160 ----a-w- c:\windows\system32\oleacc.dll
2009-10-08 20:56 . 2004-08-04 12:00 20480 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-06 01:06 . 2007-10-22 15:34 1715 ----a-w- c:\documents and settings\Tinker\Application Data\SAS7_000.DAT
2009-09-25 05:37 . 2004-08-04 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-09-25 05:37 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-09-11 14:18 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"CallControl 4.5"="c:\program files\FAXTALK COMMUNICATOR\FTCtrl32.exe" [2002-05-18 122368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-24 149280]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"SerialNumber"="A109A-K13-3ZXD-BAP5-TE"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=

S0 ElbyVCD;ElbyVCD;c:\windows\system32\DRIVERS\ElbyVCD.sys --> c:\windows\system32\DRIVERS\ElbyVCD.sys [?]
S1 487d68a;487d68a;c:\windows\system32\drivers\487d68a.sys --> c:\windows\system32\drivers\487d68a.sys [?]
S1 SASKUTIL;SASKUTIL;\??\g:\computer-repair-utility-kit\Virus Removal\SuperAntiSpyware\SASKUTIL.sys --> g:\computer-repair-utility-kit\Virus Removal\SuperAntiSpyware\SASKUTIL.sys [?]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [11/15/2009 4:35 PM 38224]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys --> c:\windows\system32\DRIVERS\motport.sys [?]
.
.
------- Supplementary Scan -------
.
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
FF - ProfilePath - c:\documents and settings\Tinker\Application Data\Mozilla\Firefox\Profiles\dlxjobct.default\
FF - prefs.js: browser.search.selectedEngine - AltaVista
FF - prefs.js: browser.startup.homepage - hxxp://www.gpcom.com/
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?&o=13048&l=dis&q=

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy]
@DACL=(02 0000)
"Asynchronous"=dword:00000001
"DllName"=expand:"%SystemRoot%\\System32\\dimsntfy.dll"
"Startup"="WlDimsStartup"
"Shutdown"="WlDimsShutdown"
"Logon"="WlDimsLogon"
"Logoff"="WlDimsLogoff"
"StartShell"="WlDimsStartShell"
"Lock"="WlDimsLock"
"Unlock"="WlDimsUnlock"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@DACL=(02 0000)
@=""
"DLLName"="igfxdev.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:5d,91,57,42,70,a0,53,46,f4,5f,25,c0
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1932)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-11-24 15:33
ComboFix-quarantined-files.txt 2009-11-24 21:32
ComboFix2.txt 2009-11-24 20:53
ComboFix3.txt 2009-11-24 20:33

Pre-Run: 87,464,525,824 bytes free
Post-Run: 87,448,231,936 bytes free

Current=6 Default=6 Failed=1 LastKnownGood=3 Sets=1,2,3,6
- - End Of File - - ECFD28BBE42F5CAC85E240C04A41F4D6



MBAM REPORT

Malwarebytes' Anti-Malware 1.41
Database version: 3224
Windows 5.1.2600 Service Pack 3

11/24/2009 5:13:36 PM
mbam-log-2009-11-24 (17-13-36).txt

Scan type: Full Scan (C:\|)
Objects scanned: 158612
Time elapsed: 15 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Damn Microsoft, 25 November 2009 - 11:22 AM.

  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP